This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Understanding Corstone 1000 Cortex M0+ booting process

Hi,

Under TF-M code i can see two bootloaders in bl1 directory one is bl1_1 and bl1_2, but in the arm Corstone_SWArch document i can only see bl1 and bl2..

so for corstone 1000 does arm uses bl1_1 and bl1_2?? why bl1 is split into two directories again?

If possible any expert can please explain this in more detail with the code prospective.

Thanks,

Parents
  • My name is Stephen and I work at Arm.  A colleague provided the following explanation:

    In general, the BL1 implementation in TFM is split up into BL1_1 and BL1_2. The reason for this is that the BL1_1 should be located in ROM. The BL1_2 can be placed in other type of non-volatile memory.

    In a real product, changing the ROM code is only possible by modifying the photo-lithography masks in the assembly line which is really expensive.  This is why only a small amount of functionality is placed in the BL1_1.  The others are placed in the BL1_2, which can be modified more easily.

    You can read about this more in-depth at

    tf-m-user-guide.trustedfirmware.org/.../bl1.html

    In theory the BL1_1 should do at least:
    - provision the device with keys and assets
    - validate the BL1_2 image and jump to that.
    Then BL1_2 can do additional initialization, calculations, then it should validate the next image in the bootflow and jump to that. In TF-M case, the next image is MCUBoot.

    The Corstone1000 slightly diverges from this.  In Corstone1000 both the BL1_1 and BL1_2 are located in the ROM so the BL1_2 cannot be changed either, but with the separation the platform is prepared to move it elsewhere easily in the future.  (Actually, since Corstone1000 is only for fpga and fvp, it isn't a problem to update things in the ROM because it's only an emulated ROM.)

    The common BL1 code is located in the tfm/bl1 folder, and it provides weak functions that can be implemented, those can be seen in the tfm/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c and tfm/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_2.c.

    In the current implementation most of the things are done in the bl1_1: it sets up the firewall, mpu and handles the provisioning. Then it validates the BL1_2 image and jumps to that. The BL1_2 then validates the BL2 image and jumps to that.

    Hope this helps,

    Stephen

Reply
  • My name is Stephen and I work at Arm.  A colleague provided the following explanation:

    In general, the BL1 implementation in TFM is split up into BL1_1 and BL1_2. The reason for this is that the BL1_1 should be located in ROM. The BL1_2 can be placed in other type of non-volatile memory.

    In a real product, changing the ROM code is only possible by modifying the photo-lithography masks in the assembly line which is really expensive.  This is why only a small amount of functionality is placed in the BL1_1.  The others are placed in the BL1_2, which can be modified more easily.

    You can read about this more in-depth at

    tf-m-user-guide.trustedfirmware.org/.../bl1.html

    In theory the BL1_1 should do at least:
    - provision the device with keys and assets
    - validate the BL1_2 image and jump to that.
    Then BL1_2 can do additional initialization, calculations, then it should validate the next image in the bootflow and jump to that. In TF-M case, the next image is MCUBoot.

    The Corstone1000 slightly diverges from this.  In Corstone1000 both the BL1_1 and BL1_2 are located in the ROM so the BL1_2 cannot be changed either, but with the separation the platform is prepared to move it elsewhere easily in the future.  (Actually, since Corstone1000 is only for fpga and fvp, it isn't a problem to update things in the ROM because it's only an emulated ROM.)

    The common BL1 code is located in the tfm/bl1 folder, and it provides weak functions that can be implemented, those can be seen in the tfm/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c and tfm/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_2.c.

    In the current implementation most of the things are done in the bl1_1: it sets up the firewall, mpu and handles the provisioning. Then it validates the BL1_2 image and jumps to that. The BL1_2 then validates the BL2 image and jumps to that.

    Hope this helps,

    Stephen

Children